9768 matches found

Exploit DB
added 2007/05/08 12:00 a.m. | 2534 views

Advanced Guestbook 2.4.2 - 'Lang' Cookie Local File Inclusion

source: https://www.securityfocus.com/bid/23876/info Advanced Guestbook is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. Advanced Guestbook 2.4.2 ...

7.4 AI score
Exploits: 0

Exploit DB
added 2007/05/08 12:00 a.m. | 43 views

Advanced Guestbook 2.4.2 - 'picture.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/23873/info Advanced Guestbook is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...

7 AI score
Exploits: 0

securityvulns
added 2007/05/08 12:00 a.m. | 84567 views

[Full-disclosure] Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability

netVigilance Security Advisory 13 Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags handlin...

5.1 CVSS | 0.7 AI score | 0.07506 EPSS
Exploits: 2

seebug.org
added 2007/04/30 12:00 a.m. | 28 views

Fenice OMS server 1.10 Remote Buffer Overflow Exploit (exec-shield)

No description provided by source. / Fedora Core 6 exec-shield based Fenice OMS server fenice-1.10.tar.gz remote root exploit by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL: http://x82.inetcop.org/h0me/papers/FCexploit/FCexploit.txt Reference:...

7.1 AI score
Exploits: 0

Prion
added 2007/04/25 3:19 p.m. | 13 views

SQL injection

SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors...

6.5 CVSS | 8.4 AI score | 0.02029 EPSS
Exploits: 1 | References: 12

Saint
added 2007/04/25 12:00 a.m. | 28 views

Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow

Added: 04/25/2007. CVE: CVE-2007-2116. BID: 23532. OSVDB: 39933. Background: Package DBMS_SNAP_INTERNAL of schema SYS is an Advanced Replication component used internally by Oracle Database. Problem: A buffer overflow vulnerability in DBMS_SNAP_INTERNAL allows remote attackers to execute arbitrary commands...

9 CVSS | 7.7 AI score | 0.02946 EPSS
Exploits: 4

securityvulns
added 2007/04/25 12:00 a.m. | 30 views

[security bulletin] HPSBST02200 SSRT071330 rev.1 - HP StorageWorks Command View Advanced Edition for XP, Local Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00911797 Version: 1 HPSBST02200 SSRT071330 rev.1 - HP StorageWorks Command View Advanced Edition for XP, Local Unauthorized Access NOTICE: The information in this Security Bulletin should be acte...

0.3 AI score
Exploits: 0

Saint
added 2007/04/25 12:00 a.m. | 20 views

Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow

Added: 04/25/2007. CVE: CVE-2007-2116. BID: 23532. OSVDB: 39933. Background: Package DBMS_SNAP_INTERNAL of schema SYS is an Advanced Replication component used internally by Oracle Database. Problem: A buffer overflow vulnerability in DBMS_SNAP_INTERNAL allows remote attackers to execute arbitrary commands...

9 CVSS | 7.6 AI score | 0.02946 EPSS
Exploits: 4

0day.today
added 2007/04/24 12:00 a.m. | 42 views

GNU Mailutils imap4d 0.6 Remote Format String Exploit (exec-shield)

Exploit for linux platform in category remote exploits. GNU Mailutils imap4d 0.6 Remote Format String Exploit exec-shield / Fedora Core 6 exec-shield based GNU...

7.1 AI score
Exploits: 0

Prion
added 2007/04/18 6:19 p.m. | 16 views

Buffer overflow

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package...

9 CVSS | 6.6 AI score | 0.02946 EPSS
Exploits: 4 | References: 11 | Affected Software: 1

NVD
added 2007/04/18 6:19 p.m. | 19 views

CVE-2007-2116

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package...

9 CVSS | 6.4 AI score | 0.02946 EPSS
Exploits: 4 | References: 11

Cvelist
added 2007/04/18 6:00 p.m. | 19 views

CVE-2007-2116

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package...

6.4 AI score | 0.02946 EPSS
Exploits: 4 | References: 11

CVE
added 2007/04/18 6:00 p.m. | 65 views

CVE-2007-2116

Summary of CVE-2007-2116 (Oracle DB): A buffer overflow in the Oracle Database Advanced Replication component, specifically in package SYS.DBMS_SNAP_INTERNAL, affects Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5. The vulnerability may allow remote command execution via the SNAP_OWNER or SNAP_N...

9 CVSS | 6.4 AI score | 0.02946 EPSS
Exploits: 4 | References: 11 | Affected Software: 1

seebug.org
added 2007/04/17 12:00 a.m. | 39 views

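Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability

Microsoft Windows is a commercial operating system. A flaw exists in processing by the Microsoft Windows Client/Server Runtime Subsystem; a remote attacker can exploit the vulnerability to execute arbitrary instructions with system-process privileges. Because the CSRSS service mishandles error messages, an attacker can trigger this vulnerability by building a specially crafted application, which can lead to execution of arbitrary instructions with system-process privileges. No detailed vulnerability information is currently available. Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microso...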

7 AI score
Exploits: 0

Packet Storm
added 2007/04/02 12:00 a.m. | 23 views

advanced-rfi.txt

Advanced Login <= 0.7 (root) Remote File Inclusion Vulnerability. Author: Zeni Susanto a.k.a Bithedz. Date Found: March, 29th 2007. Location:...

7.4 AI score
Exploits: 0

CVE
added 2007/03/30 1:00 a.m. | 53 views

CVE-2007-1779

The CVE-2007-1779 issue affects the MySQL back-end of Advanced Website Creator (AWC) prior to 1.9.0. Vulnerability is described as multiple SQL injection flaws that could allow remote attackers to execute arbitrary SQL via unspecified parameters, linked to the use of mysql_escape_string instead o...

7.5 CVSS | 8.5 AI score | 0.01096 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2007/03/30 12:19 a.m. | 14 views

Remote file inclusion

PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...

10 CVSS | 8.1 AI score | 0.05109 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2007/03/30 12:19 a.m. | 7 views

CVE-2007-1766

PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...

10 CVSS | 7.6 AI score | 0.05109 EPSS
Exploits: 0 | References: 8

seebug.org
added 2007/03/30 12:00 a.m. | 40 views

Advanced Login <= 0.7 (root) Remote File Inclusion Vulnerability

No description provided by source. Advanced Login <= 0.7 (root) Remote File Inclusion Vulnerability. Author: Zeni Susanto a.k.a Bithedz. Date...

7.1 AI score
Exploits: 0

Cvelist
added 2007/03/30 12:00 a.m. | 15 views

CVE-2007-1766

PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...

7.6 AI score | 0.05109 EPSS
Exploits: 0 | References: 8